<?php

class UserController extends Controller {
	/**
	 * @return array action filters
	 */

	public function filters() {
		return array(
			'accessControl', // perform access control for CRUD operations
		);
	}

	/**
	 * Specifies the access control rules.
	 * This method is used by the 'accessControl' filter.
	 * @return array access control rules
	 */

	public function accessRules() {
		return array(
			array(
				'allow',
				'actions' => array(
					'passwordChange',
				),
				'users' => array(
					'@'
				),
			),
			array(
				'allow',
				'actions' => array(
					'create',
					'update',
					'admin',
					'view',
					'delete',
				),
				'roles' => array(
					'admin'
				),
			),
			array(
				'deny',
				// deny all users
				'users' => array(
					'*'
				),
			),
		);
	}

	/**
	 * Displays a particular model.
	 * @param integer $id the ID of the model to be displayed
	 */

	public function actionView($id) {
		$this->render('view', array(
				'model' => $this->loadModel($id),
			));
	}

	/**
	 * Creates a new model.
	 * If creation is successful, the browser will be redirected to the 'view' page.
	 */

	public function actionCreate() {
		$model = new User;

		// Uncomment the following line if AJAX validation is needed
		// $this->performAjaxValidation($model);

		if (isset($_POST['User'])) {
			$model->attributes = $_POST['User'];
			$model->password = Yii::app()->securityManager
				->hash($model->password, $model->username);
			if ($model->save())
				$this->redirect(array(
						'view',
						'id' => $model->id
					));
		}

		$this->render('create', array(
				'model' => $model,
			));
	}

	/**
	 * Updates a particular model.
	 * If update is successful, the browser will be redirected to the 'view' page.
	 * @param integer $id the ID of the model to be updated
	 */

	public function actionUpdate($id) {
		$model = $this->loadModel($id);

		// Uncomment the following line if AJAX validation is needed
		// $this->performAjaxValidation($model);

		if (isset($_POST['User'])) {
			if (isset($_POST['User']['password'])) {
				if (!empty($_POST['User']['password'])) {
					$model->password = Yii::app()->securityManager
						->hash($_POST['User']['password'], $model->username);
				}
				unset($_POST['User']['password']);
			}
			$model->attributes = $_POST['User'];
			if ($model->save())
				$this->redirect(array(
						'view',
						'id' => $model->id
					));
		}

		$this->render('update', array(
				'model' => $model,
			));
	}

	/**
	 * Deletes a particular model.
	 * If deletion is successful, the browser will be redirected to the 'admin' page.
	 * @param integer $id the ID of the model to be deleted
	 */

	public function actionDelete($id) {
		if (Yii::app()->request->isPostRequest) {
			// we only allow deletion via POST request
			$this->loadModel($id)->delete();

			// if AJAX request (triggered by deletion via admin grid view), we should not redirect the browser
			if (!isset($_GET['ajax']))
				$this
					->redirect(
						isset($_POST['returnUrl']) ? $_POST['returnUrl']
							: array(
								'admin'
							));
		} else
			throw new CHttpException(400,
				'Invalid request. Please do not repeat this request again.');
	}

	/**
	 * Lists all models.
	 */

	public function actionIndex() {}

	/**
	 * Manages all models.
	 */

	public function actionAdmin() {
		$model = new User('search');
		$model->unsetAttributes(); // clear any default values
		if (isset($_GET['User']))
			$model->attributes = $_GET['User'];

		$this->render('admin', array(
				'model' => $model,
			));
	}

	/**
	 * Returns the data model based on the primary key given in the GET variable.
	 * If the data model is not found, an HTTP exception will be raised.
	 * @param integer the ID of the model to be loaded
	 */

	public function loadModel($id) {
		$model = User::model()->findByPk($id);
		if ($model === null)
			throw new CHttpException(404, 'The requested page does not exist.');
		return $model;
	}

	public function actionPasswordChange() {
		$model = new PasswordChangeForm;

		// uncomment the following code to enable ajax-based validation
		/*
		if(isset($_POST['ajax']) && $_POST['ajax']==='password-change-form-passwordChange-form')
		{
		echo CActiveForm::validate($model);
		Yii::app()->end();
		}
		 */

		if (isset($_POST['PasswordChangeForm'])) {
			$model->attributes = $_POST['PasswordChangeForm'];
			if ($model->validate()) {
				// form inputs are valid, do something here
				$username = Yii::app()->user->name;
				$password = Yii::app()->securityManager->hash($model->newPassword, $username);
				$user = AccessControl::getCurrentUser(true);
				$user->password = $password;
				$user->save();
				Yii::app()->user->setFlash('password', '密码已经更新！');
				$this->refresh();
			}
		}
		$this->render('passwordChange', array(
				'model' => $model
			));
	}

	/**
	 * Performs the AJAX validation.
	 * @param CModel the model to be validated
	 */
	protected function performAjaxValidation($model) {
		if (isset($_POST['ajax']) && $_POST['ajax'] === 'user-form') {
			echo CActiveForm::validate($model);
			Yii::app()->end();
		}
	}
}
